Shortly after I read that, I saw an article at SecurityWeek that the government plans to spend upwards of $13.5 billion in security by the year 2015. This article provided a bit of an answer to Reeder's post. Why is the government not able to do a better job of securing federal networks? The answer (and reason for the spending outlook), according to the SecurityWeek article:

Driven by a 445 percent increase in cyber security incidents since 2006, a shortage of qualified cyber security experts, and an increasingly complex and interconnected technology environment, a recent research report from INPUT forecasts federal investment in information security will increase to $13.3 billion by 2015 at a compound annual growth rate of 9.1 percent, nearly twice the rate of overall federal IT spending.

The article goes on to say that the U.S. lacks cybersecurity talent, and frankly, that surprises me. An increasing number of colleges and universities are offering cybersecurity, cyber forensics and similar undergraduate and graduate degree programs, along with other training opportunities for those with an IT background. SecurityWeek, however, stated some of the following reasons why talent (and hiring) are lacking. They include:

. Scholarship for Service (SFS) and DOD Information Assurance Scholarship Program (IASP) are not producing enough entry-level workers.

. Some cybersecurity experts claim that current professional certification programs focus heavily on documenting compliance rather than actually reducing risk.